| OSVDB ID | Disclosure Date | Title |
|
35271
Description:
Appweb contains a memory leak flaw that may allow a remote denial of service. The issue is triggered when calling certain ESP/EJS functions in a dynamic web page. With a specially crafted request, a remote attacker can cause the service to crash.
|
2007-04-04
|
Mbedthis AppWeb ESP Handler Unspecified Memory Leak Issue
|
|
37396
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
2007-04-04
|
Mutant Portal for phpBB mutant_functions.php phpbb_root_path Parameter Remote File Inclusion
|
|
42079
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.
|
2007-04-04
|
Cache' Server Page (CSP) loop.csp TO Parameter XSS
|
|
42080
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.
|
2007-04-04
|
Cache' Server Page (CSP) cookie.csp VALUE Parameter XSS
|
|
42081
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.
|
2007-04-04
|
Cache' Server Page (CSP) showsource.csp PAGE Parameter XSS
|
|
42082
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.
|
2007-04-04
|
Cache' Server Page (CSP) csp/samples/xmlclasseserror.csp ERROR Parameter XSS
|
|
42083
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.
|
2007-04-04
|
Cache' Server Page (CSP) csp/samples/object.csp XSS
|
|
42084
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.
|
2007-04-04
|
Cache' Server Page (CSP) csp/samples/lotteryhistory.csp XSS
|
|
71549
Description:
Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when a stack consumption vulnerability occurs in the 'dissect_ber_choice' function in the 'BER dissector', allowing a remote attacker to cause an infinite loop denial of service via self-referential ASN.1 CHOICE values.
|
2007-04-04
|
Wireshark BER Dissector ASN.1 CHOICE Value DoS
|
|
34095
Description:
(Description Provided by CVE) : Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.
|
2007-04-03
|
Microsoft Windows GDI Crafted Image Local Privilege Escalation
|
|
34096
Description:
(Description Provided by CVE) : The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
|
2007-04-03
|
Microsoft Windows GDI Invalid Window Size Local Privilege Escalation
|
|
34097
Description:
(Description Provided by CVE) : Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.
|
2007-04-03
|
Microsoft Windows GDI Enhanced Metafile (EMF) Handling Local Privilege Escalation
|
|
34098
Description:
(Description Provided by CVE) : Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allow user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560.
|
2007-04-03
|
Microsoft Windows GDI Functions Windows Metafile (WMF) Handling DoS
|
|
34099
Description:
(Description Provided by CVE) : The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
|
2007-04-03
|
Microsoft Windows TrueType Fonts Rasterizer Local Privilege Escalation
|
|
35233
Description:
(Description Provided by CVE) : ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. This is probably an invalid report based on analysis by CVE and a third party.
|
2007-04-03
|
stat12 index.php langpath Parameter Remote File Inclusion
|
|
45488
Description:
(Description Provided by CVE) : The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space.
|
2007-04-03
|
Linux Kernel on PowerPC eHCA Driver Arbitrary Physical Address Space Disclosure
|
|
34685
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter.
|
2007-04-03
|
holaCMS index_cms.php acuparam Parameter XSS
|
|
34319
Description:
(Description Provided by CVE) : Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.
|
2007-04-03
|
Yahoo! Messenger AudioConf ActiveX (yacscom.dll) Multiple Property Overflow
|
|
34105
Description:
(Description Provided by CVE) : Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with "an invalid direction encoding".
|
2007-04-03
|
MIT Kerberos 5 kadmind GSS-API Library Remote Key Database Manipulation
|
|
34106
Description:
(Description Provided by CVE) : The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
|
2007-04-03
|
MIT Kerberos telnet Crafted Username Remote Authentication Bypass
|
|
34320
Description:
(Description Provided by CVE) : The Run function in SolidWorks sldimdownload ActiveX control in sldimdownload.dll before 16.0.0.6 allows remote attackers to execute arbitrary commands via the (1) installerpath and (2) applicationarguments arguments.
|
2007-04-03
|
SolidWorks sldimdownload ActiveX (sldimdownload.dll) Run() Function Arbitrary Command Execution
|
|
34104
Description:
(Description Provided by CVE) : Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.
|
2007-04-03
|
MIT Kerberos 5 Key Distribution Center (KDC) krb5_klog_syslog() Function Remote Overflow
|
|
35306
Description:
(Description Provided by CVE) : Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916.
|
2007-04-03
|
HP-UX ARPA Transport Unspecified Local DoS
|
|
34145
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630.
|
2007-04-03
|
MySpeach chat.php my_ms[root] Cookie FTP URL Remote File Inclusion
|
|
34146
Description:
(Description Provided by CVE) : Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie.
|
2007-04-03
|
MySpeach chat.php my_ms[root] Cookie Traversal Local File Inclusion
|
|
34917
Description:
(Description Provided by CVE) : Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
|
2007-04-03
|
FreeType bdfReadCharacters Function BDF Font Handling Overflow
|
|
34630
Description:
(Description Provided by CVE) : qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.
|
2007-04-03
|
HP Mercury Quality Center TDAPI_GeneralWebTreatment RunQuery() Method SQL Injection
|
|
34458
Description:
(Description Provided by CVE) : SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.
|
2007-04-03
|
PopnupBlog Module for XOOPS index.php postid Parameter SQL Injection
|
|
34657
Description:
(Description Provided by CVE) : SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
|
2007-04-03
|
MyBulletinBoard (MyBB) class_session.php create_session Function Client-IP HTTP Header SQL Injection
|
|
34350
Description:
(Description Provided by CVE) : xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."
|
2007-04-03
|
WordPress xmlrpc.php publish_posts Functionality Access Restriction Bypass
|
|
34351
Description:
(Description Provided by CVE) : SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
|
2007-04-03
|
WordPress xmlrpc.php XML RPC mt.setPostCategories Method Call SQL Injection
|
|
34107
Description:
(Description Provided by CVE) : Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
|
2007-04-03
|
X.Org X Window System (X11) libx11 ImUtil.c XGetPixel Function Overflow
|
|
34108
Description:
(Description Provided by CVE) : Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
|
2007-04-03
|
X.Org X Window System (X11) libx11 xwd.c for ImageMagick XInitImage Function Overflow
|
|
34109
Description:
(Description Provided by CVE) : Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
|
2007-04-03
|
X.Org X Window System (X11) libXfont fonts.dir File FontFileInitTable Function Overflow
|
|
34110
Description:
(Description Provided by CVE) : Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
|
2007-04-03
|
X.Org X Window System (X11) XC-MISC Extension ProcXCMiscGetXIDList Function ALLOCATE_LOCAL Overflow
|
|
34918
Description:
(Description Provided by CVE) : Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
|
2007-04-03
|
X.Org X Window System (X11) libXfont bdfReadCharacters Function BDF Font Handling Overflow
|
|
34620
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in gmapfactory/params.php in MapLab 2.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gszAppPath parameter.
|
2007-04-02
|
MapLab gmapfactory/params.php gszAppPath Parameter Remote File Inclusion
|
|
34680
Description:
(Description Provided by CVE) : Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file.
|
2007-04-02
|
IrfanView Animated Cursor Handling Overflow
|
|
41387
Description:
(Description Provided by CVE) : SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
|
2007-04-02
|
WF-Section for XOOPS Multiple Module class/wfsarticle.php getArticle Function SQL Injection
|
|
35267
Description:
A buffer overflow exists in VMware ESX Server. No further details have been provided.
|
2007-04-02
|
VMware ESX Server Unspecified Overflow
|